Reflections on the Sony Hack—Could It Happen to You?

On the morning of November 24, Sony’s employees powered up their computers after the weekend off, ready for the short work week ahead. On this morning, however, they weren’t greeted by their familiar desktops. Instead, every computer screen flashed the same ominous image: a red skeleton, with a warning message that “this is just the beginning.” The Sony hack is now three weeks old, and things seem to be going from bad to worse for the media company. The hackers—who are suspected agents of North Korea’s government, given their interest in halting the release of The Interview movie—have made good on their initial threat to release Sony’s “secrets and top secrets,” if Sony did not comply with their demands. Phones, computers and email services has been paralyzed, data leaks have devastated the reputations of Sony’s executives, and rumor has it, employees are communicating internally with fax machines and handwritten notes.

It’s a scary scenario for any business to imagine, but Sony is a very large company with a very large target on its back. Could something like this really happen to a company like yours? We broke down the key moments in the Sony hack to find out:

“We’ve obtained all your internal data” Reports suggest that the hackers, who call themselves the Guardians of Peace, have stolen around 100 terabytes of data from the Sony servers. Without the proper protections in place, this could certainly happen to your company—all it takes is a little motivation and a USB thumbdrive.

Lockout from email, voicemail and the internet The hacker group Anonymous has famously taken both large and small operations offline, usually by leveraging Distributed Denial of Service attacks designed to consume the target organization’s internet bandwidth. The victims of these attacks, like the Ferguson, Missouri city government, are often so far under the radar that they never expected to become the target of a group like Anonymous.

Leaked emails and secure communications Part of the data breach included a now-famous leak of executive emails. Hacking a company’s email can take as little as one, innocent click on a phishing email, and hackers can strong arm their way into the company’s mail server in no time.

Malware infections Perhaps the most frightening element of this hack is that it appears to have stemmed from malware—that’s right, malicious software carefully hidden behind seemingly harmless hyperlinks and attachments. Could your company fall victim to a massive malware infection? Absolutely.

Rogue employees Some speculate that the Sony hackers had assistance from some of Sony’s own employees. Insider threats are not uncommon, and the causes can range from simple ignorance to disgruntled behavior. Often, these kinds of hacks can take months to detect. The most common mistake we see with companies that have built and manage their own internal IT infrastructure is a lack of skill breadth—due to limited budget, the IT infrastructure is typically handled by either an individual or a small team of IT employees who do not have the broad IT skill base needed to build and manage an efficient, reliable and most importantly, secure IT infrastructure. Given the growing number of corporate hacks, like the ones seen with Sony, The Home Depot and Target, this limited IT skill base can also leave companies managing their own IT vulnerable to major security breaches.

Contact us today if you’re ready to start the security conversation for your business.